Virginia is for longer data retention
Task force led by commonwealth's attorney general says ISPs should aid police by keeping e-mails, customer information.
Echoing similar calls from U.S. Attorney General Alberto Gonzales and FBI Director Robert Mueller earlier this year, the latest suggestions arrived in a 103-page report drawn up by Virginia Attorney General Bob McDonnell (click for PDF) and his 6-month-old Youth Internet Safety Task Force.
Bob McDonnell
"It is the responsibility of business to assist in the apprehension of those who violate the promise of the Internet and prey upon children," the report said in its introductory section. The report did not address how these databases of customer information would be secured or whether they would be available to attorneys in civil lawsuits through subpoenas.
Although all Internet service providers already are legally required to preserve user data when requested by federal police, and some retain their users' connection logs for a few months, practices differ between companies. That means that "there is continuing need for ways of improving and streamlining procedures for disclosing pertinent information," the report went on to say.
Still, rather than prescribing data retention laws, as some members of Congress have supported, the task force makes a vague instruction to Internet service providers: they should commit to "keeping data relevant to such investigations and engaging at the national level to help define appropriate policies."
That seemingly softer recommendation is likely a reflection of the broader divide over the issue that is mirrored in the task force's makeup. Its members include representatives from various state and local law enforcement bodies, schools, educational agencies, parenting organizations, and corporate entities such as Yahoo, News Corp.'s MySpace.com, Microsoft, Time Warner's AOL and Sony.
Law enforcement officials and Internet companies have been at odds over the notion of adopting European-style data retention rules because ISPs maintain that retaining such vast amounts of data presents inordinately high costs and could pose security and privacy complications.
Internet companies also argue that they're already obligated to help law enforcement under a 1996 federal law. Called the Electronic Communication Transactional Records Act, it requires Internet providers to retain any "record" in their possession for 90 days, "upon the request of a governmental entity."
As an alternative to mandatory data retention, the task force report also proposes various methods designed to speed up the legal process involved in requesting data preservation.
AOL, which announced that it had donated $100,000 to the state for use in launching an Internet safety awareness campaign, applauded the conclusions. "The findings in this report, if implemented, will help make Virginia a safer place to raise a family," Mark Hileman, the Dulles, Va.-based company's deputy general counsel, said in a statement.
But Internet companies aren't likely to be free from the specter of national data retention laws yet. An FBI representative told CNET News.com recently that the agency continues to support data retention, viewing it as "crucial in advancing our cyberinvestigations to include online sexual exploitation of children." A representative for the National Association of Attorneys General said she wasn't aware that anything had changed since 49 of the state officials signed a letter (click for PDF) in June urging Congress to act on the issue.
Virginia Attorney General McDonnell, a Republican, emphasized that the task force's top recommendation is increasing education and awareness of potential dangers for children online.
"Parents and kids must be more aware of online dangers, and they must be equipped with safety solutions," he said in a statement Wednesday.
The report also recommends a bevy of other steps, including "tough new sentences" for people who produce or traffic in child pornography, or who solicit children for sex online. It recommends requiring that sex offenders register their e-mail addresses and other Net aliases with law enforcement. Just before Congress went home for the year, Arizona Sen. John McCain proposed a similar idea on a national scale.